Bug 1387283

Summary:	Validation SSH keys are not copied to the overcloud nodes
Product:	Red Hat OpenStack	Reporter:	Jason E. Rist <jrist>
Component:	openstack-tripleo-heat-templates	Assignee:	Tomas Sedovic <tsedovic>
Status:	CLOSED ERRATA	QA Contact:	Udi Kalifon <ukalifon>
Severity:	high	Docs Contact:
Priority:	high
Version:	10.0 (Newton)	CC:	akrivoka, jjoyce, jschluet, mburns, opavlenk, rhel-osp-director-maint, slinaber, tvignaud, ukalifon
Target Milestone:	rc	Keywords:	Triaged
Target Release:	10.0 (Newton)
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	openstack-tripleo-heat-templates-5.0.0-1.5.el7ost openstack-tripleo-common-5.3.0-5.el7ost	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2016-12-14 16:23:32 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Jason E. Rist 2016-10-20 14:15:42 UTC

Cloned from launchpad bug 1635226.

Description:

After `openstack overcloud deploy ...` finishes, it should be possible to run the validations from the UI or via Mistral.

This is not the case though and instead, the (overcloud) validations error out with: "Failed to connect to the host via ssh."


As far as I could discover so far, it's because the deploy_ssh_keys workflow gets an empty list of servers to copy the SSH keys to. The workflow that sets up the keys is here:

https://github.com/openstack/tripleo-common/blob/8aa75683cbf796f8c0dc0334c03ef5023c96ca72/workbooks/deployment.yaml#L121

which invokes copy_ssh_key:

https://github.com/openstack/tripleo-common/blob/8aa75683cbf796f8c0dc0334c03ef5023c96ca72/workbooks/validations.yaml#L183

When I run `mistral task-list`, there are no errors there, but the `get_servers` task returns an empty list (even though this should be a complete deployment now and all the nodes should be in nova).

Running `mistral run-action nova.servers_list` does return the expected result.

And running `mistral execution-create tripleo.validations.v1.copy_ssh_key` manually after the deployment does get the list of servers and uploads the keys properly.

Specification URL (additional information):

https://bugs.launchpad.net/tripleo/+bug/1635226

Comment 1 Jason E. Rist 2016-11-02 04:30:56 UTC

Needs reviews but patch posted. https://review.openstack.org/391093

Comment 2 Jon Schlueter 2016-11-02 21:16:38 UTC

master patch landed, proposed stable/newton backport

https://review.openstack.org/#/c/392971

Comment 3 Tomas Sedovic 2016-11-08 14:48:10 UTC

Both upstream patches and their stable/newton backports have landed now:

https://review.openstack.org/#/c/392971/
https://review.openstack.org/#/c/394446/

Comment 5 Udi Kalifon 2016-11-16 12:22:18 UTC

All post-deployment validations are failing. On the overcloud nodes there is no tripleo-validations entry in .ssh/authorized_keys. Failing the bug.

Comment 7 Jason E. Rist 2016-11-18 20:47:04 UTC

Udi it is my understanding that your environment was stale and that this is working as intended.  Can you confirm?

Comment 8 Udi Kalifon 2016-11-20 07:54:32 UTC

What do you mean "stale"? This bug is still valid in:
openstack-tripleo-heat-templates-5.0.0-1.6.el7ost.noarch
openstack-tripleo-common-5.3.0-6.el7ost.noarch

Comment 9 Ola Pavlenko 2016-11-23 12:45:26 UTC

Need to retest on new puddle.

Comment 10 Ana Krivokapic 2016-11-24 13:29:42 UTC

I have post-deployment validations passing and tripleo-validations entry is present in the authorized_keys file on overcloud nodes.

openstack-tripleo-validations-5.1.0-5.el7ost.noarch

Comment 13 errata-xmlrpc 2016-12-14 16:23:32 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2948.html